[jboss-jira] [JBoss JIRA] (WFLY-8772) Deployments referencing outbound connection with authentication context always use Elytron default-authentication-context

Farah Juma (JIRA) issues at jboss.org
Mon May 15 11:51:01 EDT 2017 

     [ https://issues.jboss.org/browse/WFLY-8772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma reassigned WFLY-8772:
--------------------------------

    Assignee: Farah Juma  (was: David Lloyd)


> Deployments referencing outbound connection with authentication context always use Elytron default-authentication-context
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-8772
>                 URL: https://issues.jboss.org/browse/WFLY-8772
>             Project: WildFly
>          Issue Type: Bug
>          Components: Remoting, Security
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Blocker
>              Labels: eap7.1-rfe-blocker, eap7.1-rfe-failure, eap71_beta_candidate
>
> Analysis document for EAP7-551 states the following:
> {quote}This RFE is to add a reference to the new authentication-context capability to the remote-outbound-connection resource and make use of it satisfy the security requirements for the outbound connections being established.
> The AuthenticationContext will be used to access both information required for authentication and also for any SSLContext required for the connection.
> A newly referenced authentication-context will be used to provide all security configuration for outbound connections.{quote}
> However, currently the remoting outbound connections will only use Elytron default authentication context and ignore authentication context defined in remoting outbound connection resource:
> * If no default authentication context is defined in Elytron subsystem but remote outbound connection has defined one, no authentication context is associated with remote outbound connection.
> * If the default authentication context is defined in Elytron subsystem but no authentication context is defined in remote outbound connection, remoting assumes that outbound connection uses legacy security.
> * If the default authentication context is defined in Elytron subsystem and different authentication context is defined in remote outbound connection, the remote outbound connection will use the Elytron subsystem default none the less.
> * The authentication context defined in outbound remote connection will only work if it is the same as default authentication context in Elytron subsystem.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list